3

We have a mobile application that uses Google Cloud Messaging. This means our internal server has to communicate with Google's GCM server at android.googleapis.com on a specific port.

Our IT team is reluctant to open this outgoing port to any machine, and therefore would like to configure the firewall so we can only talk to the Google GCM server on this port.

This is where it gets tricky. In their developer docs, Google gives the following configuration advice:

"Note: If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with GCM in order for your Android devices to receive messages. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169."

Is there an authoritative source of what IP addresses make up ASN 15169? I've done a lot of searching, and have come up with some dodgy-looking sites. I was hoping to find the canonical list somewhere.

Thanks for your help.

Jeff
  • 173

4 Answers

2

Have you tried Hurricane Electric's site: http://bgp.he.net/AS15169#_asinfo

I've used their tools and resources for years and found them to be excellent.

HeXonX
  • 29

0

Check the following. You will get IP address blocks listed in Google's ASN of 15169.

https://ipinfo.io/AS15169

-1

@HeXonX: Check this link: https://www.dan.me.uk/bgplookup?asn=15169

Reference: Need an IP Range for google's CDN to set up a firewall

Nira
  • 1

-1

Looks a bit late. But I found this link. Tested at my own router. Works.

Source: http://esupport.trendmicro.com/solution/en-us/1060693.aspx

There are two ways an Android device communicates with the SVC server. One is the Google Cloud Messaging (GCM) notification and the other is periodical polling. Android devices leverage these to receive commands, apply server configurations, and send malware logs.

Open the following ports

5228     outbound     android.apis.google.com
5229     outbound     android.apis.google.com
5230     outbound     android.apis.google.com
443      outbound     android.apis.google.com, google.com

Deer Hunter
  • 1,110
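An added example, not part of any post above: once a prefix list for AS15169 has been exported from one of the lookup sites as text, this sketch validates it, merges overlapping blocks, and emits outbound-only rules limited to the three GCM ports from the quoted Google note. It assumes one CIDR per line, an iptables-based egress host, and hypothetical function names; the sample prefixes are constructed from documentation ranges and are not Google's.

```python
import ipaddress

GCM_PORTS = (5228, 5229, 5230)  # ports named in the quoted Google note
# Constructed sample: documentation ranges standing in for an exported
# AS15169 prefix list (these are NOT Google's prefixes).
SAMPLE_PREFIXES = """\
# prefix            description (constructed)
198.51.100.0/25     example-a
198.51.100.128/25   example-b
198.51.100.64/26    example-c (already covered by example-a)
203.0.113.0/24      example-d
203.0.113.0/24      duplicate of example-d
2001:db8::/33       example-v6-a
2001:db8:8000::/33  example-v6-b
not-a-prefix        junk line
192.0.2.77/24       host bits set, rejected rather than guessed
"""

def parse_prefixes(text):
    """Return (networks, rejected_tokens); strict parsing, nothing is repaired."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        token = line.split()[0]
        try:
            networks.append(ipaddress.ip_network(token, strict=True))
        except ValueError:
            rejected.append(token)
    return networks, rejected

def collapse(networks):
    """Merge adjacent, overlapping and duplicate prefixes per address family."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))

def egress_rules(networks, ports=GCM_PORTS):
    """One ACCEPT rule per collapsed prefix, TCP to the GCM ports only."""
    dports = ",".join(str(p) for p in ports)
    rules = []
    for net in collapse(networks):
        tool = "iptables" if net.version == 4 else "ip6tables"
        rules.append(f"{tool} -A OUTPUT -p tcp -d {net} -m multiport --dports {dports} -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(egress_rules(parse_prefixes(SAMPLE_PREFIXES)[0])))
```

Announced prefixes change over time, so the list needs to be re-exported and the rules regenerated periodically; review the rejected tokens rather than discarding them silently.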